MediaWiki  master
ApiQueryTokens.php
Go to the documentation of this file.
1 <?php
30 
38 
39  public function execute() {
40  $params = $this->extractRequestParams();
41 
42  if ( $this->lacksSameOriginSecurity() ) {
43  $this->addWarning( [ 'apiwarn-tokens-origin' ] );
44  return;
45  }
46 
47  $user = $this->getUser();
48  $session = $this->getRequest()->getSession();
49  $salts = self::getTokenTypeSalts();
50 
51  $done = [];
52  $path = [ 'query', $this->getModuleName() ];
53  $this->getResult()->addArrayType( $path, 'assoc' );
54 
55  foreach ( $params['type'] as $type ) {
56  $token = self::getToken( $user, $session, $salts[$type] )->toString();
57  $fit = $this->getResult()->addValue( $path, $type . 'token', $token );
58 
59  if ( !$fit ) {
60  // Abuse type as a query-continue parameter and set it to all unprocessed types
61  $this->setContinueEnumParameter( 'type',
62  array_diff( $params['type'], $done ) );
63  break;
64  }
65  $done[] = $type;
66  }
67  }
68 
77  public static function getTokenTypeSalts() {
78  static $salts = null;
79  if ( !$salts ) {
80  $salts = [
81  'csrf' => '',
82  'watch' => 'watch',
83  'patrol' => 'patrol',
84  'rollback' => 'rollback',
85  'userrights' => 'userrights',
86  'login' => [ '', 'login' ],
87  'createaccount' => [ '', 'createaccount' ],
88  ];
89  $hookContainer = MediaWikiServices::getInstance()->getHookContainer();
90  $hookRunner = new ApiHookRunner( $hookContainer );
91  $hookRunner->onApiQueryTokensRegisterTypes( $salts );
92  ksort( $salts );
93  }
94 
95  return $salts;
96  }
97 
110  public static function getToken( User $user, MediaWiki\Session\Session $session, $salt ) {
111  if ( is_array( $salt ) ) {
112  $session->persist();
113  return $session->getToken( ...$salt );
114  } else {
115  return $user->getEditTokenObject( $salt, $session->getRequest() );
116  }
117  }
118 
119  public function getAllowedParams() {
120  return [
121  'type' => [
122  ParamValidator::PARAM_DEFAULT => 'csrf',
123  ParamValidator::PARAM_ISMULTI => true,
124  ParamValidator::PARAM_TYPE => array_keys( self::getTokenTypeSalts() ),
125  ParamValidator::PARAM_ALL => true,
126  ],
127  ];
128  }
129 
130  protected function getExamplesMessages() {
131  return [
132  'action=query&meta=tokens'
133  => 'apihelp-query+tokens-example-simple',
134  'action=query&meta=tokens&type=watch|patrol'
135  => 'apihelp-query+tokens-example-types',
136  ];
137  }
138 
139  public function isReadMode() {
140  // So login tokens can be fetched on private wikis
141  return false;
142  }
143 
144  public function getHelpUrls() {
145  return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Tokens';
146  }
147 }
getResult()
Get the result object.
Definition: ApiBase.php:668
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition: ApiBase.php:808
addWarning( $msg, $code=null, $data=null)
Add a warning for this module.
Definition: ApiBase.php:1434
getModuleName()
Get the name of the module being executed by this instance.
Definition: ApiBase.php:529
lacksSameOriginSecurity()
Returns true if the current request breaks the same-origin policy.
Definition: ApiBase.php:595
This is a base class for all Query modules.
setContinueEnumParameter( $paramName, $paramValue)
Set a query-continue value.
Module to fetch tokens via action=query&meta=tokens.
static getTokenTypeSalts()
Get the salts for known token types.
static getToken(User $user, MediaWiki\Session\Session $session, $salt)
Get a token from a salt.
getHelpUrls()
Return links to more detailed help pages about the module.
isReadMode()
Indicates whether this module requires read rights.
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
getExamplesMessages()
Returns usage examples for this module.
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
This class provides an implementation of the hook interfaces used by the core Action API,...
Service locator for MediaWiki core services.
internal since 1.36
Definition: User.php:98
getEditTokenObject( $salt='', $request=null)
Initialize (if necessary) and return a session token value which can be used in edit forms to show th...
Definition: User.php:2962
The MediaWiki class is the helper class for the index.php entry point.
Definition: MediaWiki.php:50
Service for formatting and validating API parameters.